Vulnerable websites are regularly hijacked to redirect users to malicious domains. The most popular type of of malicious page are Fake AV pages. Attackers commonly increase traffic to these hijacked websites using Blackhat SEO techniques.
Blackhat SEO requires that two different pages be delivered to different audiences:
|Found on dailygizmonews.com|
|Found on malaysianaspiration.com|
All of these examples result in the same HTML code, an IFRAME injection pointing to a malicious domain:
Ironically, this malicious code might actually keep user safer. Since it is present on all pages, regardless of the HTTP Referrer, the entire website is flagged as malicious much more quickly by search engines.